mirror of
https://github.com/harryssecret/homelab-nix.git
synced 2025-08-07 22:20:33 +02:00
updated sisyphe
This commit is contained in:
parent
2113e53b7e
commit
931557e4b5
3 changed files with 46 additions and 60 deletions
|
@ -79,7 +79,7 @@ in
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
22 # ssh
|
22 # ssh
|
||||||
80 # http
|
80 # http
|
||||||
443 # ssh
|
443 # ssl
|
||||||
8080
|
8080
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [ ];
|
allowedUDPPorts = [ ];
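Review bot: `8080` on the new side is the only entry in `allowedTCPPorts` without a comment naming what listens on it, so a reader of the firewall list cannot tell whether that exposure is still needed; add one, e.g. `8080 # <service> — TODO confirm`, or drop the port if nothing binds it. The corrected label `443 # ssl` is still slightly off: port 443 carries HTTPS (TLS), so `443 # https` would match the `80 # http` line above it. The enclosing attribute set (presumably `networking.firewall`) starts and ends outside this hunk.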
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./backups-repos.nix
|
./backups-repos.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.secrets.borgRepoPassword = { };
|
sops.secrets.borgRepoPassword = { };
|
||||||
sops.secrets.borgRemoteServerPassword = {
|
sops.secrets.borgRemoteServerPassword = {
|
||||||
sopsFile = "${secrets}/secrets/backup.yaml";
|
sopsFile = "${secrets}/secrets/backup.yaml";
|
||||||
|
@ -21,42 +22,6 @@
|
||||||
sopsFile = "${secrets}/secrets/backup.yaml";
|
sopsFile = "${secrets}/secrets/backup.yaml";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.borgbackup.jobs = {
|
|
||||||
/*
|
|
||||||
localBackup = {
|
|
||||||
paths = "/";
|
|
||||||
exclude = [
|
|
||||||
"/nix"
|
|
||||||
"/srv/Multimedia"
|
|
||||||
"/srv/media"
|
|
||||||
"/srv/backups/serverBackups"
|
|
||||||
"/srv/backups/localComputerBackups"
|
|
||||||
"/var/cache"
|
|
||||||
"/var/run"
|
|
||||||
"/tmp"
|
|
||||||
"/proc"
|
|
||||||
"/sys"
|
|
||||||
"/dev"
|
|
||||||
"/mnt"
|
|
||||||
"/run"
|
|
||||||
];
|
|
||||||
repo = "/srv/backups/serverBackups";
|
|
||||||
doInit = true;
|
|
||||||
encryption = {
|
|
||||||
mode = "repokey";
|
|
||||||
passCommand = "cat /run/secrets/borgRepoPassword";
|
|
||||||
};
|
|
||||||
compression = "auto,lzma";
|
|
||||||
startAt = "weekly";
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
serverBackup = {
|
|
||||||
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
};
|
|
||||||
|
|
||||||
services.borgbackup.repos = {
|
services.borgbackup.repos = {
|
||||||
borgPersonalServer = {
|
borgPersonalServer = {
|
||||||
authorizedKeys = [
|
authorizedKeys = [
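Review bot: `sops.secrets.borgRepoPassword = { };` on the new side still provisions that secret onto the host, while this hunk deletes its only visible consumer, the `passCommand = "cat /run/secrets/borgRepoPassword"` of the commented-out `localBackup` job. If no other module references `config.sops.secrets.borgRepoPassword`, remove the declaration so the key is not decrypted into `/run/secrets` for nothing; otherwise add a comment above it naming the consumer, e.g. `# consumed by <job> as passCommand — TODO confirm`. The `services.borgbackup.repos.borgPersonalServer` definition and its `authorizedKeys` list run past the end of the hunk.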
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
imports = [ ./forgejo-smtp.nix ];
|
imports = [ ./forgejo-smtp.nix ];
|
||||||
sops.secrets.smtp_address = { };
|
sops.secrets.smtp_address = { };
|
||||||
|
@ -36,34 +41,50 @@
|
||||||
mailerPasswordFile = config.sops.secrets.smtp_password.path;
|
mailerPasswordFile = config.sops.secrets.smtp_password.path;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
servuces.fail2ban = {
|
||||||
sops.secrets.forgejo-runner-token = {
|
enable = true;
|
||||||
owner = "forgejo";
|
jails = {
|
||||||
};
|
forgejo = {
|
||||||
services.gitea-actions-runner = {
|
settings = {
|
||||||
package = pkgs.forgejo-actions-runner;
|
logpath = "/var/log/forgejo/log/gitea.log";
|
||||||
instances.default = {
|
filter = "forgejo";
|
||||||
enable = true;
|
port = "http,https,ssh";
|
||||||
name = "monolith";
|
maxretry = 20;
|
||||||
url = "https://git.hypervirtual.world";
|
findtime = 300;
|
||||||
# Obtaining the path to the runner token file may differ
|
bantime = 900;
|
||||||
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
|
};
|
||||||
tokenFile = config.sops.secrets.forgejo-runner-token.path;
|
};
|
||||||
labels = [
|
|
||||||
"ubuntu-latest:docker://node:16-bullseye"
|
|
||||||
"ubuntu-22.04:docker://node:16-bullseye"
|
|
||||||
## optionally provide native execution on the host:
|
|
||||||
# "native:host"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
*/
|
|
||||||
|
/*
|
||||||
|
sops.secrets.forgejo-runner-token = {
|
||||||
|
owner = "forgejo";
|
||||||
|
};
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-actions-runner;
|
||||||
|
instances.default = {
|
||||||
|
enable = true;
|
||||||
|
name = "monolith";
|
||||||
|
url = "https://git.hypervirtual.world";
|
||||||
|
# Obtaining the path to the runner token file may differ
|
||||||
|
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
|
||||||
|
tokenFile = config.sops.secrets.forgejo-runner-token.path;
|
||||||
|
labels = [
|
||||||
|
"ubuntu-latest:docker://node:16-bullseye"
|
||||||
|
"ubuntu-22.04:docker://node:16-bullseye"
|
||||||
|
## optionally provide native execution on the host:
|
||||||
|
# "native:host"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
*/
|
||||||
systemd.services.forgejo.preStart = ''
|
systemd.services.forgejo.preStart = ''
|
||||||
create="${lib.getExe config.services.forgejo.package} admin user create"
|
create="${lib.getExe config.services.forgejo.package} admin user create"
|
||||||
$create --admin --email "`cat ${config.sops.secrets.forgejoInitialMail.path}`" --username you --password "`cat ${config.sops.secrets.forgejoInitialPassword.path}`" &>/dev/null || true
|
$create --admin --email "`cat ${config.sops.secrets.forgejoInitialMail.path}`" --username you --password "`cat ${config.sops.secrets.forgejoInitialPassword.path}`" &>/dev/null || true
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.caddy.virtualHosts."http://git.hypervirtual.world".extraConfig = ''
|
services.caddy.virtualHosts."http://git.hypervirtual.world".extraConfig = ''
|
||||||
reverse_proxy :3333
|
reverse_proxy :3333
|
||||||
'';
|
'';
|
||||||
}
|
}
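Review bot: `servuces.fail2ban = {` on the new side is a typo for `services.fail2ban`; as written the block assigns an undeclared top-level option, which the NixOS module system rejects at evaluation time (or, if some module happens to declare it, silently leaves fail2ban disabled), so the Forgejo jail this commit intends to add is not active — change it to `services.fail2ban = {`. Beyond the rename, `filter = "forgejo"` needs a matching filter definition (for example an `environment.etc."fail2ban/filter.d/forgejo.conf"` entry) that is not in this hunk, and `logpath = "/var/log/forgejo/log/gitea.log"` should be checked against the actual `services.forgejo.settings.log` configuration; if Forgejo logs to the journal (which I believe is the NixOS default), a `backend = "systemd"` jail is the usual alternative. `maxretry = 20` within `findtime = 300` is also generous for SSH/HTTP authentication failures, so either document the reasoning in a comment or tighten it. The module's outer attribute set closes at the `}` on the last line of the hunk, so the whole block is within view.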
|
||||||
|
|